[nycbug-talk] Monitoring LAN on IPv6
quigongene at gmail.com
Wed Oct 31 17:33:25 EDT 2007
On 10/31/07, Vitaliy Gladkevitch <vitaliy at gmail.com> wrote:
> During Gene Cronk's presentation he has mentioned some of the
> difficulties network administrators will have monitoring traffic on
> networks in IPv6 world because of end-to-end IPsec connections. One
> method mentioned was firewall sending signals to each client, similar
> to enterprise AV's, can someone please discuss this method and
> implementation in greater detail? And if you have any other ideas to
> address this problem, please do share.
Bear in mind that the scenario and software I was discussing at the meeting
is theoretical. I know of no implementation of it as of yet.
That being said, essentially what would be needed is a piece of software
running on a client machine that communicates with a server to get statical
information, blacklist information, malware information, or a combination
thereof. Then, as the machine decrypts the traffic, it is routed directly
through the software "filter" and the proper packets are dropped/scrubbed
before they hit the rest of the system.
It's a man in the middle attack taking place on localhost if you think about
it. The client software alerts the server of malicious traffic and the
server take appropriate action for the rest of the network, sending updates
via a push method. Again, all theoretical.
Anyway, hope this clears the air a little. If not, I'll be more than happy
to explain in depth.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talk